SAQA All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.
SOUTH AFRICAN QUALIFICATIONS AUTHORITY 
REGISTERED QUALIFICATION: 

Advanced Certificate in Information Technology Governance 
SAQA QUAL ID QUALIFICATION TITLE
109601  Advanced Certificate in Information Technology Governance 
ORIGINATOR
Richfield Graduate Institute Of Technology (Pty) Ltd. (previously known as PC Training And Business College (Pty) Ltd) 
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY NQF SUB-FRAMEWORK
CHE - Council on Higher Education  HEQSF - Higher Education Qualifications Sub-framework 
QUALIFICATION TYPE FIELD SUBFIELD
Advanced Certificate  Field 10 - Physical, Mathematical, Computer and Life Sciences  Information Technology and Computer Sciences 
ABET BAND MINIMUM CREDITS PRE-2009 NQF LEVEL NQF LEVEL QUAL CLASS
Undefined  120  Not Applicable  NQF Level 06  Regular-Provider-ELOAC 
REGISTRATION STATUS SAQA DECISION NUMBER REGISTRATION START DATE REGISTRATION END DATE
Reregistered  EXCO 0821/24  2019-05-29  2027-06-30 
LAST DATE FOR ENROLMENT LAST DATE FOR ACHIEVEMENT
2028-06-30   2031-06-30  

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.  

This qualification does not replace any other qualification and is not replaced by any other qualification. 

PURPOSE AND RATIONALE OF THE QUALIFICATION 
Purpose:
The introduction of Information Computer Technologies (ICTs) into many aspects of everyday life has led to the development of the modern concept of the information society. The availability of ICTs and new network-based services offer a number of advantages for society in general, especially for developing countries. ICT applications, such as e-government, e-commerce, e-education, e-health and e-environment, are seen as enablers for development, as they provide an efficient channel to deliver a wide range of basic services. ICT applications can facilitate the achievement of the sustainable Development Goals, reducing poverty and improving health and environmental conditions in developing countries. However, the growth of the information society is accompanied by new and serious threats. Essential services such as water and electricity supply now rely on ICTs, as do most businesses and organisations, as well as citizens.

Attacks against information infrastructure and Internet services have already taken place, while online fraud and hacking attacks are just some examples of computer-related crimes that are committed on a large scale every day. The financial damage caused by cybercrime is reported to be enormous. This 'digital paradox' means that while governments and organisations can offer more services, more quickly, than ever before, yet at the same time cybercrime has become a powerful countervailing force that's limiting that potential and substantially increasing the risk factor of the business world.

With the introduction of E-Commerce and the ease of which to conduct business online has introduced greater variety and convenience into our lives, it also opens more and more avenues for people to be targeted by cyber criminals. International and domestic cyber criminals increasingly view businesses and private individuals as attractive targets for a range of cybercrime. The purpose of the Advanced Certificate in Information Technology (IT) Governance and Compliance is to provide a graduate with the necessary expertise and knowledge to take on appropriate professional positions in the field of IT Governance and Compliance.

This qualification provides target learners with the aptitude and fortitude to take the necessary steps in being responsible of being compliant with relevant IT Auditing Frameworks and IT Compliance Standards both internal and external to organisations, including the international environment. It will also equip learners with the technical computer forensic tools, skills and reflective competences to deal with cybercrime investigations. In essence, the focus of this programme is to improve the practice of information security by applying IT Governance and Compliance.

The qualifying learner will have the ability to:
  • Provide an understanding of the various major disruptions that an organisation needs to prepare for and to learn to analyse and prioritise risks and determine criticality ratings that are used to determine survival strategies.
  • Develop knowledge and understanding of the processes involved in the development and use of Service Level Agreements (SLA's) and Request for Proposals (RFP's).
  • Develop knowledge and understanding of the various cyber - security incidents that occur in today's highly technological world and the disaster recovery techniques that may apply to overcome these.
  • Develop a basic understanding of the evolution of Web Technology and the migration of business conducting transactions over the internet.
  • Apply appropriate IT auditing skills in conducting an IT Audit.

    Rationale:
    With the proliferation of cyber-attacks and the increasing effectiveness of cyber criminals, organisations and indeed nation states are increasingly finding themselves vulnerable and at risk. Knowledge of the Cyber domain is the first and vital step in being able to analyse a cyber-attack and the precautionary measures that need to be taken thereafter in order to safeguard the organisation becomes of paramount importance. With the increase in cyber-attacks, the urgent demand for competent personnel has been increasing over time. This demand is coupled with the need for Information Technology Governance expertise. These are key drivers that have encouraged the institution to offer this Advanced Certificate qualification in Information Technology Governance.

    This qualification is expected to sustain continuous learning and development of learners as well as meet needs of other stakeholders. The national scarce skills list provides a dynamic process of identifying job in demand by learners and occupations that are vacant by businesses.
    The qualification is designed to address the five critical areas to building a developmental information society as identified by the South African Department of Communications:
  • E­Governance.
  • E­Skills Development.
  • Small, Medium and Micro-sized Enterprise (SMME) Development.
  • Information Ethics.
  • Information and Communications Technology (ICT) Rural Development.

    The demand coupled with the statistics of the National Scarce Skills list for South Africa (2015), published by the Department of Labour identifies scarce and critical skills required by the country. This qualification aims to address the National scarce skills set in respect of Information Technology (IT) Governance. 
    		•

    LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING 
    Recognition of Prior Learning (RPL):
    The Institutional Recognition of Prior Learning (RPL) policy and procedures are followed as. It is acknowledged that all learning has value and prior learning may be assessed to award credit where relevant. Learners can apply for RPL against a module, or part/full qualification for learning obtained through formal. Informal and non-formal learning. Learners need to submit a Portfolio of Evidence for assessment, and credits/exemption may be granted for some modules in the qualification, and/or admission may be granted into the qualification. Leaners have the opportunity to appeal against the assessment results where credits or admission were not awarded.

    Entry Requirements:
    The minimum entry requirement is:
  • Higher Certificate at NQF Level 5 in a relevant cognate filed.
    Or
  • Successful Recognition of Prior Learning. 
    		•

    RECOGNISE PREVIOUS LEARNING? 

    QUALIFICATION RULES 
    This qualification consists of compulsory modules at National Qualifications Framework (NQF) Level 5 totalling 120 Credits.

    Compulsory Modules:
  • Information Technology (IT) Auditing, 15 Credits.
  • IT Risk Management, 15 Credits.
  • Cyber Security Principles, 10 Credits.
  • IT Compliance Project Management, 10 Credits.
  • Secure Electronic Commerce, 10 Credits.
  • Business Continuity/Disaster Recovery Management Techniques, 10 Credits.
  • Information Technology Service Management, 10 Credits.
  • Projects (Information Security Risk Assessment), 15 Credits.
  • Information Security Management, 10 Credits.
  • Work Integrated Learning, 15 Credits. 
    		•

    EXIT LEVEL OUTCOMES 
    1. Provide an understanding of the various major disruptions that an organisation needs to prepare for, analyse and prioritise risks, and determine criticality ratings that are used to determine survival strategies.
    2. Develop knowledge and understanding of the processes involved in the development and use of Service Level Agreements (SLA's) and Request for Proposals (RFP's).
    3. Develop knowledge and understanding of the various cyber-security incidents that occur in today's highly technological world and the disaster recovery techniques that may apply to overcome these.
    4. Develop a basic understanding of the evolution of Web Technology and the migration of business conducting transactions over the internet.
    5. Apply appropriate Information Technology (IT) auditing skills in conducting an IT Audit. 

    ASSOCIATED ASSESSMENT CRITERIA 
    Associated Assessment Criteria for Exit Level Outcome 1:
  • In-depth knowledge of the various disaster recovery techniques as part of a more comprehensive business continuity management system are critically discussed.
  • The understanding of plans, policies and procedures in business continuity is illustrated.
  • The need to distinguish between the various threats to businesses is critically discussed.
  • A detailed explanation on the application of International Organisation for Standardisation (ISO) 27031 is demonstrated.

    Associated Assessment Criteria for Exit Level Outcome 2:
  • In-depth knowledge of the various stages in the Service Lifecycle is illustrated.
  • The various stages that need to be followed to construct a request for proposal (RFP) and service level agreement (SLA) is illustrated.
  • A detailed explanation of the role of capital and operating budgets is illustrated.
  • In depth knowledge of the ISO standard 20000 that enables information Technology (IT) organisations to ensure their ITSM processes are aligned is illustrated.

    Associated Assessment Criteria for Exit Level Outcome 3:
  • In-depth knowledge of the risk management processes and practices associated with cyber-crime are discussed and evaluated.
  • The process of selecting and applying tools and hardening techniques to various cyber security situations are demonstrated.
  • The different classes of cyber security attacks and the dangers they pose to organisations are critically discussed.

    Associated Assessment Criteria for Exit Level Outcome 4:
  • The evolution of Web Technology and the migration of businesses conducting transactions over the Internet are critically discussed.
  • The Web security landscape associated with E-Commerce platforms are critically discussed.
  • The evaluation of coding structures and the coding issues associated with them is demonstrated.
  • Digital payments and the security issues pertaining to online transactions are illustrated.

    Associated Assessment Criteria for Exit Level Outcome 5:
  • The data analytics and the various specialised fraud investigation techniques in the IT auditing process is illustrated.
  • The application of a range of techniques to conduct an IT Audit is assessed and implemented.
  • The need for an IT Auditor and the important role they play in today's highly technologically driven business world is critically discussed.
  • The various risks associated with business are evaluated.

    Integrated Assessment:
    Formative and Summative Assessment are used to assess competence. Formative Assessment is integrated with most modules and learners complete a series of assignments as they progress to build a portfolio. Assignments and tasks are marked and feedback given to learners. The feedback will direct and support their learning, achievement of outcomes, and prepare them for examinations. Tasks included in portfolios may include projects, case studies, essays, simulations, experiments, assignments, online activities interactions, and presentations. Portfolios are assessed to determine a module year/semester mark. A minimum of 40% is required for entry into the examination which serves as the summative assessment which evaluates the achievement of outcomes and mastery of the larger body of knowledge which forms part of the curricula. The final examination is undertaken under normal exam conditions. 
    		•

    INTERNATIONAL COMPARABILITY 
    This qualification has been compared with quality qualifications offered internationally. Given that it incorporates the latest trends, developments and knowledge in a rapidly changing and advancing field, it compares favourably with similar qualifications offered at:

    Massachusetts Institute of Technology (MIT):
    MIT offers a certificate in applied cybersecurity which contains modules, such as business information continuity, information risk management with content on Security Policy and Compliance. The content also touches on safe internet usage and internet fraud which are related to Advanced Certificate in Information Technology Governance subject areas, such as secure electronic commerce, cyber security, information security management and information technology compliance project management.

    University of St. Thomas:
    The Graduate certificate in computer security explores courses such as information technology security and computer security which are related with modules in the Advanced certificate in Information Technology Governance, such as information security and cyber security principles.

    University of South Florida:
    The graduate Certificate in Information Assurance modules, such as Information security, risk management and decision processes for business continuity and disaster recovery contain content that relates favourably with similar modules, such as information security management, business continuity/disaster recovery management techniques and information technology risk management, which are offered in the Advanced Certificate in Information Technology Governance.

    Stanford University:
    The Certificate in Project management contains modules on risk analysis and management, project management, which are related to the content of related modules in Advanced Certificate in Information Technology Governance.

    University of Washington:
    The Graduate Certificate in Cyber Security Management aims to build knowledge and understanding in Information Technology Security Governance. Modules such as cyber security governance, Risk and enterprise information security compare well with the content of Advanced Certificate in Information Technology in Governance.

    Temple University:
    Temple University's Information Technology (IT) Governance qualification syllabus is structured around policy and audit, and contain content on IT Security policy, IT Compliance, Disaster Recovery and Business Continuity, IT Risk Audit and IT Strategic Management, which compare favourably with the content in Advanced Certificate in Information Technology Governance.

    University of Illinois:
    University of Illinois's qualification in Enterprise IT governance contains modules, such as IT Portfolio Management, Security and Risk Management whose content is related to content in modules of Advanced Certificate in Information Technology Governance. 

    ARTICULATION OPTIONS 
    The Qualification offers the following Horizontal and Vertical articulation opportunities.

    Horizontal Articulation:
    Diploma in Computer Science, NQF Level 6.
    Diploma in Information Technology, NQF Level 6.

    Vertical Articulation:
  • Bachelor of Science in Information Technology, NQF Level 7. 
    		•

    MODERATION OPTIONS 
    N/A 

    CRITERIA FOR THE REGISTRATION OF ASSESSORS 
    N/A 

    NOTES 
    N/A 

    LEARNING PROGRAMMES RECORDED AGAINST THIS QUALIFICATION: 
     
    NONE 


    PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS QUALIFICATION: 
    This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.
     
    NONE 


    All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.